Malformed JWT from Node API

I am trying to retrieve claims and user/organisation metadata from a JWT, but the checkJWT middleware is returning ‘Malformed JWT’. Is this possibly due to a misconfiguration on on our Auth0 management console?

This is the code I currently have (domain omitted):

const jwt = require('express-jwt');
const jwks = require('jwks-rsa');

// Create middleware for checking the JWT
checkJwt = jwt({
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: '<domain>.well-known/jwks.json'
audience: '',
issuer: '<domain>',
algorithms: ['RS256']


Upon logging the JWT, it appears to be different to usual formatting, the first and second section separated by two consecutive periods (..), and more than 3 sections overall.


Hi, did you work out what it was? I’m having the same problem…